UBUNTU-CVE-2020-0423

Details

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

Affected Packages(65 packages)

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1091.96~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1103.114~16.04.1

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1091.104~16.04.1

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-129.132~16.04.1

linux-hwe-edge

Ubuntu 16.04 LTS

Affected versions:

4.10.0-14.16~16.04.14.10.0-19.21~16.04.14.10.0-20.22~16.04.14.10.0-21.23~16.04.14.10.0-22.24~16.04.14.10.0-24.28~16.04.14.10.0-26.30~16.04.14.11.0-13.19~16.04.14.11.0-14.20~16.04.14.13.0-16.19~16.04.3+13 more

linux-oracle

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1062.68~16.04.1

linux

Ubuntu 18.04 LTS

Fixed in:

4.15.0-129.132

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1091.96

linux-aws-5.0

Ubuntu 18.04 LTS

Affected versions:

5.0.0-1021.24~18.04.15.0.0-1022.25~18.04.15.0.0-1023.26~18.04.15.0.0-1024.27~18.04.15.0.0-1025.285.0.0-1027.30

linux-aws-5.3

Ubuntu 18.04 LTS

Affected versions:

5.3.0-1016.17~18.04.15.3.0-1017.18~18.04.15.3.0-1019.21~18.04.15.3.0-1023.25~18.04.15.3.0-1028.30~18.04.15.3.0-1030.32~18.04.15.3.0-1032.34~18.04.25.3.0-1033.355.3.0-1034.365.3.0-1035.37

References

REPORT

https://git.kernel.org/linus/f3277cbfba763cd2826396521b9296de67cf1bbc

REPORT

https://ubuntu.com/security/CVE-2020-0423

ADVISORY

https://ubuntu.com/security/notices/USN-4658-1

ADVISORY

https://ubuntu.com/security/notices/USN-4659-1

ADVISORY

https://ubuntu.com/security/notices/USN-4680-1

ADVISORY

https://ubuntu.com/security/notices/USN-4912-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2020-0423